network management - cse.wustl.edujain/cse473-11/ftp/i_9mgm.pdf · washington university in st....
TRANSCRIPT
9-1©2011 Raj JainCSE473sWashington University in St. Louis
Network ManagementNetwork Management
Raj JainRaj JainWashington University in Saint Louis
Saint Louis, MO [email protected]
Audio/Video recordings of this lecture are available on-line at:http://www.cse.wustl.edu/~jain/cse473-11/
9-2©2011 Raj JainCSE473sWashington University in St. Louis
OverviewOverview
q What is Network Management and How?q ASN.1q Management Information Base (MIB)q SNMP: Protocol, Message formatsq SNMP V2Note: This class lecture is based on Chapter 9 of the textbook
(Kurose and Ross) and the figures provided by the authors.
9-3©2011 Raj JainCSE473sWashington University in St. Louis
What is Network Management?What is Network Management?q Traffic on Network = Data + Control + Managementq Data = Bytes/Messages sent by usersq Control = Bytes/messages added by the system to properly
transfer the data (e.g., routing messages)q Management = Optional messages to ensure that the network
functions properly and to handle the issues arising from malfunction of any component
q If all components function properly, control is still required but management is optional.
q Examples:q Detecting failures of an interface card at a host or a routerq Monitoring traffic to aid in resource deploymentq Intrusion Detection
9-4©2011 Raj JainCSE473sWashington University in St. Louis
Components of Network ManagementComponents of Network Management1. Performance Management:
Measure, report, analyze, and control traffic, messages2. Fault Management:
Detect, log, and respond to fault conditions3. Configuration Management:
Track and control which devices are on or off4. Accounting Management:
Monitor resource usage for records and billing 5. Security Management:
Enforce policy for access control, authentication, and authorization
9-5©2011 Raj JainCSE473sWashington University in St. Louis
How is Network Managed?How is Network Managed?
q Management = Initialization, Monitoring, Controlq Manager, Agents, and
Management Information Base (MIB)
NetworkMIB Agent
NetworkManagementStation
MIBAgent
MIBAgent
9-6©2011 Raj JainCSE473sWashington University in St. Louis
Example of Network ManagementExample of Network Management
Router(Agent)
Router(Agent)
Router(Agent)
Management Server(Manager)
Agent
Agent
9-7©2011 Raj JainCSE473sWashington University in St. Louis
Internet Management FrameworkInternet Management Framework
1. Structure of Management Information (SMI):Data definition language for objectsASN.1 was defined by ISO and is used in SNMP.
2. Management Information Base (MIB):Distributed network management data
3. SNMP protocol: Manager Managed object communication
4. Security, administration capabilities:Major addition in SNMPv3
9-8©2011 Raj JainCSE473sWashington University in St. Louis
ASN.1ASN.1
q Abstract Syntax Notation Oneq Joint ISO and ITU-T standard, Original 1984, latest
2002.q Used to specify protocol data structuresq X.400 electronic mail, X.500 and LDAP directory
services, H.323 VOIP, SNMP, etc use ASN.1q Pre-Defined: 1=Boolean, 2=Integer, 3=Bit String,
4=Octet String, 5=Null, 6=Object Identifier, 9=Realq Constructed: SEQUENCE (structure), SEQUENCE
OF (lists), CHOICE, ...
9-9©2011 Raj JainCSE473sWashington University in St. Louis
SMI Base Data TypesSMI Base Data TypesData Type Description INTEGER ASN.1 32-bit integer between -231 and 231-1 Integer32 32-bit integer between -231 and 231-1 Unsigned32 Unsigned 32-bit integer between 0 and 232-1 OCTET STRING ASN.1 byte string for binary or text up to 65,535 bytes
long OBJECT IDENTIFER
ASN.1 format administratively assigned object identifier
IPaddress 32-bit Internet address in network-byte order Counter32 32-bit counter that increases from 0 to 232-1 and wraps to
0 Counter64 64-bit counter Gauge32 32-bit integer that does not count above 232-1 or below 0 TimeTicks Time interval measured in 1/100th of a second Opaque Uninterpreted ASN.1 string (needed for backward
compantibility)
9-10©2011 Raj JainCSE473sWashington University in St. Louis
ASN.1 ExampleASN.1 ExampleAddressType ::= SEQUENCE {name OCTET STRING,number INTEGER,street OCTET STRING,city OCTET STRING,state OCTET STRING,zipCode INTEGER}
9-11©2011 Raj JainCSE473sWashington University in St. Louis
Encoding RulesEncoding Rules
q ASN.1 only specifies the structure.q Encoding rules indicate how to encode the structure in
to bits on the wire.q Examples: Basic Encoding Rules (BER), Packed
Encoding Rules (PER), XML Encoding rules (XER), Distinguished Encoding Rules (DER), ...
q In BER, everything is encoded as Tag-Length-Value.
9-12©2011 Raj JainCSE473sWashington University in St. Louis
BER ExampleBER Example
q John Miller, 126 Main Street, Big City, MO 6313030 80 04 0B 4A 6F 68 6E 20 4D 69 6C 6C 65 72Seq. Len Oct Str Len J o h n M i l l e r
02 01 FEInt Len 123
04 0B 4D 61 69 6E 20 53 74 72 65 65 74Oct str 11 M a i n S t r e e t
04 08 42 69 67 20 43 69 74 79Oct Str Len B i g C i t y
04 02 4D 4F 02 02 F6 96 0Oct Str Len M O Int len 63130 Null
7E126
2F
Len
9A
9-13©2011 Raj JainCSE473sWashington University in St. Louis
Management Information BaseManagement Information Baseq MIBs follow a fixed naming and structuring convention
Structure of Management Information (SMI)q These conventions were adopted from Common management
Information Protocol (CMIP) designed by ISOq All names are globally uniqueq All nodes of the name tree are assigned numeric values by
standards authoritiesiso.org.dod.internet.mgmt.mib.ip.ipInReceives1.3.6.1.2.1.4.3
q Tables rows are referenced by appending the indexq All names are specified using a subset of Abstract Syntax
Notation (ASN.1)q ASN.1 specifies notation (that humans can read) and encoding
(representation and ranges)
9-14©2011 Raj JainCSE473sWashington University in St. Louis
Global Naming HierarchyGlobal Naming Hierarchy
fddimib (73)
fddi (15)
dod (6)
internet (1)
directory (1) mgmt(2) experimental (3)private (4)
mib (1)
system (1) interfaces (2) transmission(10)
ccitt(0) iso (1) joint-iso-ccitt (2)
standard (0)
iso9314 (9314)
fddiMIB (1)
org (3)
fddi (8)
UDP (7)
UDPInDatagrams (1)
9-15©2011 Raj JainCSE473sWashington University in St. Louis
MIB Naming Example: UDP ModuleMIB Naming Example: UDP Module
Object ID Name Type Comments
1.3.6.1.2.1.7.1 UDPInDatagrams Counter32 total # datagrams delivered at this node
1.3.6.1.2.1.7.2 UDPNoPorts Counter32 # underliverable datagramsno app at portl
1.3.6.1.2.1.7.3 UDInErrors Counter32 # undeliverable datagramsall other reasons
1.3.6.1.2.1.7.4 UDPOutDatagrams Counter32 # datagrams sent
1.3.6.1.2.1.7.5 udpTable SEQUENCE one entry for each portin use by app, gives port # and IP address
9-16©2011 Raj JainCSE473sWashington University in St. Louis
MIB Definition: ExampleMIB Definition: ExampleipAddrTable ::= SEQUENCE of ipAddrEntryipAddrEntry ::= SEQUENCE {ipAdEntAddr ipAddress,ipAdEntIfIndex INTEGER,ipAdEntNetMask ipAddress,ipAdEntBcastAddr ipAddress,ipAdEntReasmMaxSize INTEGER (0..65535)}ipAddrEntry {ipAddrTable 1}ipAdEntNetMask {ipAddrTable 3}
9-17©2011 Raj JainCSE473sWashington University in St. Louis
SNMPSNMPq Based on Simple Gateway Management Protocol (SGMP) –
RFC 1028 – Nov 1987q SNMP = Simply Not My Problem [Marshall Rose]
Simple Network Management Protocolq RFC 1058, April 1988q Only Five commands
Command Meaningget-request Fetch a valueget-next-request Fetch the next value (in a tree)get-response Reply to a fetch operationset-request Store a valuetrap An event
9-18©2011 Raj JainCSE473sWashington University in St. Louis
SNMP protocolSNMP protocol
Two ways to convey MIB info, commands:
Agent data
Managed device
ManagingEntity
Response
Agent data
Managed device
ManagingEntity
Trap MsgRequest
Request/response mode Trap mode
9-19©2011 Raj JainCSE473sWashington University in St. Louis
SNMPv2 PDU TypesSNMPv2 PDU TypesSNMPv2 PDU Type
Sender-Receiver
Description
GetRequest Manager-to-agent
Get value of one or more MIB object instances
GetNextRequest Manager-to-agent
Get value of next MIB object instance in list or table
GetBulkRequest Manager-to-agent
Get values in large block of data, e.g., whole table
InformRequest Manager-to-manager
Inform remote managing entity of MIB values
SetRequest Manager-to-agent
Set value of one or more MIB object
Response Agent-to-Manager
GetRequest, GetNextRequest, GetBulkRequest,SetRequest or InformRequest
SNMPv2 Trap Angent-to- Inform manager of exceptional
9-20©2011 Raj JainCSE473sWashington University in St. Louis
SNMP Message FormatsSNMP Message Formats
9-21©2011 Raj JainCSE473sWashington University in St. Louis
SNMPv1 ConfigurationSNMPv1 Configurationq Manager sends request to UDP port 161.
Agents send traps to UDP port 162
9-22©2011 Raj JainCSE473sWashington University in St. Louis
SNMPv2SNMPv2
q Improved security: authentication and integrity using Data Encryption Standard (DES)
q inform request Multiple manager coordinationLocking mechanisms prevent multiple managers from writing at the same time
q get bulk Better table handlingq Confirmation option for Traps Agents can ensure that trap was received correctly.
q New Error codes: noSuchName, badValue, readOnlyq Reference: RFC 1441, April 1993 and more
9-23©2011 Raj JainCSE473sWashington University in St. Louis
SummarySummary
q Management = Initialization, Monitoring, and Controlq SNMP = Only 5 to 7 commandsq Standard MIBs defined for each objectq Uses ASN.1 encodingq SNMPv2 fixed issues with bulk requests and simple security
9-24©2011 Raj JainCSE473sWashington University in St. Louis
Review ExercisesReview Exercises
q Try but do not submitq Review Questions: R1 through R12q Problems P1 through P8q Read Pages 771-800
9-25©2011 Raj JainCSE473sWashington University in St. Louis
Homework 9Homework 9
q What would be the BER encoding of {firstname “Ed”} {weight 259}? ASN.1 type for octet strings is 4 and for integers it is 2.